Security feature bypass

Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the Order state value and bypass the intended payment step via a modified URL, related to a "mass assignment" vulnerability...

Security feature bypass

Insoshi before 20080920 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the ForumPost userid value via a modified URL, related to a "mass assignment" vulnerability...

CVE-2008-7309

Insoshi before 20080920 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the ForumPost userid value via a modified URL, related to a "mass assignment" vulnerability...

CVE-2008-7309

CVE-2008-7309 describes a mass-assignment flaw in Insoshi prior to 20080920, where an attacker can bypass restrictions by manipulating a request hash to set ForumPost.user_id via a modified URL. The issue stems from insufficient restrictions on model attribute assignment. The core impact is unaut...

CVE-2008-7310

CVE-2008-7310 involves Spree 0.2.0 where improper mass assignment allows an attacker to manipulate a hash to set the Order state via a modified URL, bypassing the intended payment step. The core issue is inadequate restrictions on model attribute assignment, enabling remote modification of order ...

CVE-2012-2054

Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the 1 Comment, 2 Document, 3 IssueCategory, 4 MembersController, 5 Message, 6 News, 7 TimeEntry, 8 Version, 9 Wiki, 10 UserPreference, o...

CVE-2012-2055

GitHub Enterprise before 20120304 is affected by a mass-assignment vulnerability where the software does not properly restrict a hash when filling model attributes, allowing remote attackers to set public_key[user_id] via a manipulated URL to the public-key update form. Root cause: inadequate fil...

CVE-2012-2054

CVE-2012-2054 refers to a mass-assignment vulnerability in Redmine prior to version 1.3.2. The issue allows remote attackers to set attributes for multiple models (Comment, Document, IssueCategory, MembersController, Message, News, TimeEntry, Version, Wiki, UserPreference, Board) by manipulating ...

CVE-2012-2055

GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the publickeyuserid value via a modified URL for the public-key update form, related to a "mass assignment" vulnerability...

CVE-2012-2054

Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the 1 Comment, 2 Document, 3 IssueCategory, 4 MembersController, 5 Message, 6 News, 7 TimeEntry, 8 Version, 9 Wiki, 10 UserPreference, o...

PT-2012-3769 · Github · Github Enterprise

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise versions prior to 20120304 Description: The issue allows remote attackers to set the public keyuser id value via a modified URL for the public-key update form, related to a "mass assignment" vulnerability. This occurs becaus...

DSA-2443-1 linux-2.6 - several

Bulletin has no description...

Ruby On Rails Attributes Mass Assignment Scanner

This module scans Ruby On Rails sites for models with attributes not protected by attrprotected or attraccessible. After attempting to assign a non-existent field, the default rails with activerecord setup will raise an ActiveRecord::UnknownAttributeError exception, and reply with HTTP code 500...

Liferay Portal 6.1 - 6.0.x Privilege Escalation

Exploit for java platform in category web applications Liferay users can assign themselves to organizations, leading to possible privilege escalation Description: Liferay Portal is an enterprise portal written in Java Due to insufficient permission checking in the updateOrganizations method of...

redmine -- multiple vulnerabilities

Redmine reports: Mass-assignment vulnerability that would allow an attacker to bypass part of the security checks. Persistent XSS vulnerability...

kernel: kvm: device assignment DoS

The kvmvmioctlassigndevice function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service host OS crash via a...

kvm security and bug fix update

kvm-83-249.0.1.el5 - Added kvm-add-oracle-workaround-for-libvirt-bug.patch - Added kvm-Introduce-oel-machine-type.patch - modify kversion to fix build failure kvm-83-249.el5 - kvm-kernel-KVM-x86-Prevent-starting-PIT-timers-in-the-absence-o.patch bz770101 - CVE: CVE-2011-4622 - Resolves: bz770101...

kernel: kvm: device assignment DoS

The kvmvmioctlassigndevice function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service host OS crash via a...

Microsoft Windows CSRSS SrvDeviceEvent Code Execution (MS11-063; CVE-2011-1967)

A code execution vulnerability has been reported in Windows CSRSS. The vulnerability is due to a CSRSS memory assignment issue. An attacker can exploit this vulnerability by convincing an unsuspecting user to open a malicious executable file. Successful exploitation of this vulnerability may enab...

CVE-2011-1870

Integer overflow in the Client/Server Run-time Subsystem aka CSRSS in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service memory corruption via a crafted application that triggers an incorrect...